Privacy Policy
This policy explains how RewindMedia ("we", "us", "our") collects, uses, and protects your personal data when you use our tape-digitisation service at [your-domain.tld] (the "Service"). It is written to comply with the UK General Data Protection Regulation ("UK GDPR"), the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations 2003 ("PECR").
Contents
1. Who we are
RewindMedia is operated by [Company name and number, e.g. RewindMedia Ltd, Company No. 12345678], registered in England and Wales at [registered address]. We are the data controller of any personal data we process about you.
Our ICO registration number is [ICO ZA registration number]. You can verify this at ico.org.uk.
For privacy questions, contact privacy@rewindmedia.example.
2. What personal data we collect
You give us:
- Account info: username, email address, hashed password, the date you signed up.
- Communications: any message you send to support or operations, including the transcript of any live-chat conversation with our support assistant ("Casey").
- Tape content: the video files we digitise from your tapes (and the thumbnails we generate from them). We treat the content of these as your data, but you remain the rights-holder.
- Tape metadata: tape titles and descriptions you set, the recording date if you tell us, your watch progress within each tape (so we can show "continue watching" and resume playback), and any people you tag in a tape.
- People you tag: a name, an optional initial, an optional photo you upload for each person — used as the avatar in the "Faces in the tape" rail in your library. These records belong to your account only — they're never shared between users.
- Optional profile: if you change your email address, we record the date and time of the change.
You give to our payment provider (we don't see):
- Payment details are handled directly by Stripe Payments UK Ltd. We never see or store your card number, CVC, or bank details. We only receive a Stripe customer ID and subscription status.
We collect automatically:
- Technical data: IP address, browser user agent, request timestamps, error traces. Used to operate the service securely and debug issues.
- Session data: a session cookie so you stay signed in.
- Shipping data: when you ship us tapes, the carrier (Royal Mail / Parcelforce / etc.) provides tracking events.
- Chat transcripts: if you start a live-chat conversation with Casey, we record the messages so we can deliver replies, escalate to a human if needed, and (anonymised) review common questions to improve the assistant. Transcripts are retained per the schedule in §7.
3. How we use your data
- To provide and operate the digitisation service.
- To process subscription payments via Stripe.
- To send transactional emails: account verification, password resets, "your tape is ready", shipping updates, and important service notices.
- To respond to support questions you send us.
- To detect, investigate, and prevent fraud, abuse, or technical attacks.
- To comply with our legal and regulatory obligations (e.g. retaining invoice records for HMRC).
We do not use your tape content to train machine-learning models, sell it, or share it with anyone you haven't authorised. Operators view tape content only briefly during the digitisation workflow (colour-correction, audio-level checks).
4. Lawful bases for processing (UK GDPR Article 6)
- Contract performance (Art. 6(1)(b)): processing your account, subscription, tape content, and shipping data is necessary to deliver the service you signed up for.
- Legitimate interests (Art. 6(1)(f)): security monitoring, fraud prevention, and basic service-improvement analytics. We balance these against your rights and you can object at any time.
- Legal obligation (Art. 6(1)(c)): retaining billing records for tax purposes (HMRC requires invoice records for 6 years).
- Consent (Art. 6(1)(a)): any optional marketing emails. Currently we don't send marketing — if we ever start, you'll be asked to opt in explicitly, and you can withdraw at any time.
5. Who we share your data with
We use a small number of carefully chosen service providers ("processors") to operate the Service. We share only what they need to do their job, under written data-processing agreements.
- Stripe Payments UK Ltd (payment processing) — payment information and customer ID. Stripe is a UK-regulated payment institution; their privacy policy: stripe.com/gb/privacy.
- Mailgun (Sinch UK), EU region (transactional email) — your email address and the contents of any email we send you. Mailgun is GDPR-compliant; data resides in the EU. Privacy policy: mailgun.com/privacy-policy.
- Oracle Cloud Infrastructure (hosting) — all of the above is stored on Oracle's UK / EU data centres. Privacy policy: oracle.com/legal/privacy.
- GitHub Inc. (container registry, code repository) — does not receive any customer data; only used for deploying our software.
- Cloudflare Inc. (DNS / DDoS protection, if enabled) — sees IP addresses and request metadata in transit. Privacy policy: cloudflare.com/privacypolicy.
We do not sell or rent your personal data to anyone. We will only share with law enforcement or regulators if legally compelled, and where lawful we'll notify you first.
6. International data transfers
Most of your data stays in the UK or EU. Where data is transferred outside the UK (e.g. some Stripe processing in the United States), we rely on the UK International Data Transfer Agreement (IDTA) or the European Commission's Standard Contractual Clauses with the UK Addendum, plus supplementary technical measures (encryption in transit and at rest), to ensure the same level of protection.
7. How long we keep your data
- Account data: while your account is active. After you cancel a subscription, your account stays in this category for the 90-day grace window and only enters the deletion track if you don't re-activate. After you delete your account (Account → Settings → Danger zone), erasure is immediate — see "Right to erasure" below.
- Tape files (renditions and thumbnails): while your account is active. Deleted within 90 days of cancellation, immediately on account deletion.
- People records and uploaded avatar photos: deleted with the account.
- Watch progress: deleted with the account.
- Billing and invoice records: retained for 6 years after the end of the financial year, as required by HMRC. This is the only category that survives account deletion in identifiable form, and only because we're legally required to keep it.
- Server logs: 30 days unless they relate to a security incident under investigation.
- Support correspondence and chat transcripts: 2 years after the last message. After account deletion, your name and email are unlinked from the rows but the conversation text remains for a further 2 years so we can keep improving the bot — this rests on legitimate interest, balanced against the privacy impact (the message text alone, with no identifiers, is low-risk). You can object at any time per §8.
Right to erasure (UK GDPR Art. 17)
You can erase your account at any time, without contacting us, via Account → Settings → Danger zone → Delete account. The confirmation page lists exactly what will be removed. Deletion is immediate and irreversible.
If you'd rather have a human do it, email privacy@rewindmedia.example from the address on your account.
8. Your rights
Under UK GDPR you have the right to:
- Access — get a copy of the personal data we hold about you (Art. 15).
- Rectification — correct inaccurate data (Art. 16).
- Erasure — ask us to delete your data ("right to be forgotten") (Art. 17).
- Restriction — ask us to limit how we process your data (Art. 18).
- Portability — get your data in a machine-readable format (Art. 20). We provide an account export on request.
- Objection — object to processing based on legitimate interests (Art. 21).
- Withdraw consent — for any processing based on consent (Art. 7(3)).
- Automated decision-making — we don't make decisions about you using automated means alone (Art. 22).
To exercise any of these rights, email privacy@rewindmedia.example. We will respond within one calendar month as required by UK GDPR.
If you're unhappy with how we've handled your data, you have the right to complain to the Information Commissioner's Office (ico.org.uk, 0303 123 1113). We'd appreciate the chance to address your concerns first.
9. Cookies
We use only strictly necessary cookies:
sessionid— keeps you signed in. Expires when you sign out or after 2 weeks of inactivity.csrftoken— protects against cross-site request forgery on form submissions. Expires after 1 year.
Under PECR Regulation 6, strictly-necessary cookies don't require consent. We do not use analytics, advertising, or marketing cookies. If we ever introduce non-essential tracking, we'll show a consent banner first.
10. Security
- All traffic to our service is encrypted in transit using TLS 1.2+.
- Passwords are hashed using PBKDF2 (Django default) — we never see your plain password.
- Disk volumes that hold your videos and our database are encrypted at rest (LUKS on the storage volume).
- Video URLs are signed and short-lived — copying a network URL out of the player gives a working link for 5 minutes only, after which the same URL stops resolving.
- Access to production systems is limited to named staff and audited.
- The administrative panel sits behind two layers of authentication: a network-level basic-auth gate and Django's own login.
- We follow the principle of least privilege internally.
If we ever suffer a personal-data breach that meets the UK GDPR notification threshold, we will notify the ICO within 72 hours and notify affected users without undue delay.
11. Children
The Service is not directed at children under 18. We do not knowingly collect personal data from anyone under 18. If you believe we have collected data from a child, please email us and we'll delete it.
12. Changes to this policy
We may update this policy from time to time. The "last updated" date at the top reflects the most recent change. Material changes (anything that materially expands what we collect or how we use it) will be notified to existing users by email at least 14 days before they take effect.
13. Contact
Privacy questions, data-subject requests, or breach reports:
Email: privacy@rewindmedia.example
Post: [Registered office address]
◀◀ BACK TO REWINDMEDIA ▶▶